CVE-2021-3609

Description

A flaw was found in the Linux kernel. A race condition occurs between bcm_release() and bcm_rx_handler(), leading to various use-after-frees in bcm_rx_handler() and, depending on the provided flags, also in bcm_rx_timeout_handler(). The use-after-frees, in combination with a heap spray, may lead to sensitive socket data being overwritten, resulting in local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Statement

Red Hat Product Security is aware of this issue. Updates will be released as they become available.

Mitigation

To mitigate this issue, the affected code can be prevented from loading by blocklisting the can-bcm kernel module. For instructions on how to blocklist a kernel module, refer to https://access.redhat.com/solutions/41278.
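The following POSIX shell helpers apply and verify the blocklist mitigation described above. They are an added example, not a script from Red Hat or the referenced solution; they assume the modprobe.d directory is passed as an argument (so they can be tried against a scratch directory before /etc/modprobe.d), and they use the standard "blacklist" plus "install … /bin/false" modprobe pattern, which also stops explicit modprobe attempts.

```shell
#!/bin/sh
# Added example for the CVE-2021-3609 mitigation: blocklist the can-bcm module.
# Assumption: callers pass the modprobe.d directory explicitly.

MODULE="can-bcm"
# modprobe treats '-' and '_' in module names as equivalent; match either.
MODULE_RE="can[-_]bcm"

# Emit the modprobe.d fragment: "blacklist" stops automatic loading,
# "install ... /bin/false" makes an explicit modprobe fail as well.
canbcm_blocklist_config() {
    printf 'blacklist %s\ninstall %s /bin/false\n' "$MODULE" "$MODULE"
}

# Write the fragment into the given modprobe.d directory (e.g. /etc/modprobe.d).
canbcm_write_blocklist() {
    dir="$1"
    mkdir -p "$dir" || return 1
    canbcm_blocklist_config > "$dir/blocklist-${MODULE}.conf"
}

# Return 0 if any *.conf file in the directory already blocklists can-bcm.
canbcm_is_blocklisted() {
    dir="$1"
    grep -qsE "^[[:space:]]*(blacklist|install)[[:space:]]+${MODULE_RE}([[:space:]]|$)" \
        "$dir"/*.conf 2>/dev/null
}

# Return 0 if the module is currently loaded. Reads /proc/modules by default,
# where the name appears as can_bcm; a file path may be given for testing.
canbcm_is_loaded() {
    modfile="${1:-/proc/modules}"
    grep -qs "^can_bcm " "$modfile"
}
```

After writing the fragment on a live system, a module that is already loaded must still be unloaded (or the host rebooted) for the blocklist to take effect; canbcm_is_loaded reports that state.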

Additional Information

  • Bugzilla 1971651: CVE-2021-3609 kernel: race condition in net/can/bcm.c leads to local privilege escalation
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • FAQ: Frequently asked questions about CVE-2021-3609